Apr 04 2023 01:22 AM
I have noticed that most malware detections are released in the YARA language, and Sentinel does not have baked-in support for YARA rules.
Keen to understand how others are dealing with this situation.
Apr 18 2024 04:50 AM
Apr 19 2024 06:06 AM
If you have access to Microsoft Copilot for Security, you can prompt it to get a conversion (other AIs may also work).
The basic prompt I've used (and you can probably refine this):
create kql from this YARA rule < then paste in the YARA rule >
Note: The KQL isn't always perfect and may need to be checked and tweaked.
I've tried examples from: https://github.com/Yara-Rules/rules
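The "check and tweak" step is where most of the work is, because a YARA rule matches file bytes while Sentinel and Defender advanced-hunting tables only carry names, hashes and command lines, so any conversion is lossy. The following is an added example, not code from the thread, from Microsoft, or from the Yara-Rules repository: a small deterministic converter that does the part of the job that can be done mechanically (text strings with nocase/fullword/wide modifiers, and hash.<algo>(0, filesize) == "..." conditions) and reports every byte-level construct it had to drop, so you can compare its output against what an LLM produces. The table and column names (DeviceProcessEvents.ProcessCommandLine, DeviceFileEvents.MD5/SHA1/SHA256) are the Defender XDR / Sentinel schema; the rule and its hash are constructed for the example.

```python
"""YARA -> KQL skeleton (added example; not from the thread, Microsoft or Yara-Rules).

Handles what survives the trip into advanced-hunting telemetry: text strings
with nocase/fullword/wide, and hash.<algo>(0, filesize) == "..." conditions.
Hex patterns, uint16(0), offsets and other byte-level checks have no KQL
equivalent and are emitted as comments rather than silently dropped.
"""
import codecs
import re

RULE_NAME = re.compile(r"^\s*rule\s+(\w+)", re.M)
TEXT_STR = re.compile(r'^\s*\$(\w+)\s*=\s*"((?:[^"\\]|\\.)*)"[ \t]*(.*)$', re.M)
HEX_STR = re.compile(r"^\s*\$(\w+)\s*=\s*\{([^}]*)\}", re.M)
HASH_EQ = re.compile(
    r'hash\.(md5|sha1|sha256)\(\s*0\s*,\s*filesize\s*\)\s*==\s*"([0-9a-fA-F]+)"')
BYTE_LEVEL = re.compile(r"\b(u?int(?:8|16|32)(?:be)?|filesize|entrypoint|pe\.)")


def parse_yara(rule_text):
    """Return (name, [(ident, decoded value, [modifiers])], [(ident, hex)], condition)."""
    name = RULE_NAME.search(rule_text).group(1)
    body = rule_text[rule_text.index("{") + 1 : rule_text.rindex("}")]
    before, _, condition = body.partition("condition:")
    strings_sec = before.split("strings:", 1)[1] if "strings:" in before else ""
    texts = [(ident, codecs.decode(raw, "unicode_escape"), mods.split())
             for ident, raw, mods in TEXT_STR.findall(strings_sec)]
    return name, texts, HEX_STR.findall(strings_sec), condition.strip()


def kql_verbatim(value):
    """KQL verbatim literal @"...": no backslash escapes, quotes are doubled."""
    return '@"' + value.replace('"', '""') + '"'


def string_predicate(column, value, mods):
    """Map YARA modifiers to the closest Kusto operator.

    Kusto contains/has are case-insensitive, the *_cs forms are case-sensitive
    (YARA's default). fullword is approximated by term matching (has). wide and
    ascii collapse: hunting columns are already decoded text.
    """
    op = "has" if "fullword" in mods else "contains"
    if "nocase" not in mods:
        op += "_cs"
    return f"{column} {op} {kql_verbatim(value)}"


def yara_to_kql(rule_text, table="DeviceProcessEvents", column="ProcessCommandLine"):
    """One KQL query per huntable element, plus a comment for each dropped element."""
    name, texts, hexes, condition = parse_yara(rule_text)
    out = [f"// Generated from YARA rule {name}. Lossy: YARA scans file bytes,",
           f"// {table} only exposes names, hashes and command lines."]
    by_col = {}  # hash.<algo>(0, filesize) == "..." maps onto DeviceFileEvents columns
    for algo, digest in HASH_EQ.findall(condition):
        by_col.setdefault(algo.upper(), []).append(f'"{digest.lower()}"')
    for col, digests in by_col.items():
        out.append(f"DeviceFileEvents\n| where {col} in ({', '.join(digests)})")
    preds = [string_predicate(column, v, m) for _, v, m in texts if v.isprintable()]
    if preds:  # "all of" -> and; any of / N of / explicit lists are approximated by or
        joiner = " and " if re.search(r"\ball of\b", condition) else " or "
        out.append(f"{table}\n| where " + joiner.join(preds))
    for ident, v, _ in texts:
        if not v.isprintable():
            out.append(f"// dropped ${ident}: non-printable bytes, no column holds them")
    for ident, pattern in hexes:
        out.append(f"// dropped ${ident} = {{ {pattern.strip()} }}: hex pattern needs file bytes")
    if BYTE_LEVEL.search(HASH_EQ.sub("", condition)):
        out.append("// dropped byte-level checks in condition: " + condition)
    return "\n".join(out)


# Constructed sample rule; the hash is a placeholder, not a real indicator.
SAMPLE_RULE = r'''
rule Constructed_Dropper_Example
{
    meta:
        description = "Constructed sample for the converter, not a real detection"
    strings:
        $s1 = "powershell -enc" nocase
        $s2 = "Invoke-Mimikatz" fullword
        $s3 = "\\pipe\\evil" wide
        $h1 = { 4D 5A 90 00 }
    condition:
        uint16(0) == 0x5A4D and any of ($s*) or hash.sha256(0, filesize) == "''' + "aabbccdd" * 8 + r'''"
}
'''

if __name__ == "__main__":
    print(yara_to_kql(SAMPLE_RULE))
```

Run it and diff the output against Copilot's version of the same rule: the hash clause and the case-sensitivity of each string operator are the two things an LLM conversion most often gets subtly wrong, and the dropped-element comments are the list of what still needs a file-level scanner (Defender for Endpoint custom indicators or a YARA run on the collected sample) rather than a KQL query.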